Through a FOIA request, the Wall Street Journal recently obtained--and generously provided to the public--never-before-seen documents from the FTC's 2011-2012 investigation of Google for antitrust violations. The Journal's initial report (Inside the U.S. Antitrust Probe of Google) examined the divergence between the staff's recommendation and the FTC commissioners' ultimate decision, while search engine guru Danny Sullivan later highlighted 64 notable quotes from the documents.

In today's piece, I compare the available materials (particularly the staff memorandum's primary source quotations from internal Google emails) with the company's public statements on the same subjects. The comparison is revealing: Google's public statements typically emphasize a lofty focus on others' interests, such as giving users the most relevant results and paying publishers as much as possible. Yet internal Google documents reveal managers who are primarily focused on advancing the company's own interests, including through concealed tactics that contradict the company's public commitments.

For online platform businesses, customer mobilization challenges loom large. The most successful platforms connect two or more types of users—buyers and sellers on a shopping portal, travelers and hotel operators on a booking service—and a strong launch usually requires convincing early users to join even before the platform reaches scale. Customers find Skype worth installing only if there are people on the platform to talk to. Who would join PayPal if there were no one to pay? Every platform starts out empty, making these worries particularly acute. For multisided platforms, which need not only many users, but many users of different types, the risk is even greater. It’s not enough for a car-dispatch platform to have a large base of customers who want to book rides by smartphone. It also needs drivers willing to accept those bookings.

Often, a platform's designer has a workable plan once it achieves an early critical mass of users. If a service had drivers, it could attract passengers, or vice versa. And when we look at the myriad platforms that have overcome these hurdles, it can be easy to assume solutions will present themselves. In fact success is far from guaranteed, and many startups fail at this crucial stage. In an article in next month's Harvard Business Review, I offer strategies to guide entrepreneurs through this challenge.

In today's post, I examine a company called IronSource, maker and bundler of deceptive adware. Among other problems, IronSource insatllations widely promise to provide software IronSource and its partners have no legal right to redistribute (indeed, specifically contrary to applicable license agreements); they bundle adware that users have no reason to expect with genuine software; they bombard users with popup ads, injected banner ads, extra toolbars, and other intrusions. It's the very opposite of mainstream legitimate advertising. Despite these problems, IronSource counts support from industry certifiers such as TRUSTe and McAfee, as well as financial support from top-tier bankers JP Morgan and Morgan Stanley.

A timeless maxim suggests that it’s better to ask forgiveness than permission. Nowhere is that more prominent than in the current crop of digital businesses, which tend to skirt laws they find inconvenient. Though these services and their innovative business models win acclaim from consumers and investors, their approach to the law is troubling — both for its implications for civil society and in its contagious influence on other firms in turn pressured to skirt legal requirements.

Many people have seen my emails with Ran Duan of Sichuan Garden restaurant in Brookline.

Having reflected on my interaction with Ran, including what I said and how I said it, it's clear that I was very much out of line. I aspire to act with great respect and humility in dealing with others, no matter what the situation. Clearly I failed to do so. I am sorry, and I intend to do better in the future.

I have reached out to Ran and will apologize to him personally as well.

While FTC guidelines call for "clear" and "prominent" visual cues to separate advertisements from algorithmic results, Google has moved in the opposite direction -- eliminating distinctive colors that previously helped distinguish advertisements from other search results.

Aspira Networks reconfigures ISPs' networks so that if a user makes a purchase from a targeted merchant's site, the merchant has to pay Aspira an affiliate commission -- even though Aspira did nothing to cause or encourage the user's purchase.

Many companies depend on powerful platforms which distinctively influence buyers' purchasing. (Consider, Google, Amazon, and myriad others in their respective spheres.) I consider implications of these platforms' market power, then suggest strategies to help companies recapture value or at least protect themselves from abuse.

Google often argues that "competition is one click away" -- as if Google's many successes result solely from competition on the merits. Let me offer a different perspective: After early success in search and search advertising, Google used its strength in those sectors to increase its likelihood of success elsewhere -- even where competitors' offerings were objectively preferable and even where consumers would have preferred alternatives had that choice been genuinely available.

Today I'm posting an article exploring a series of incidents where Google used tying and bundling to expand its dominance into additional markets. In each market, I present the details of Google's approach, then assess concerns under antitrust law.

Google claims that its Android mobile operating system is "open" and "open source"—hence a benefit to competition. Little-known contract restrictions reveal otherwise: In order to obtain key mobile apps, including Google's own Search, Maps, and YouTube, manufacturers must agree to install all the apps Google specifies, with the prominence Google requires, including setting these apps as default where Google instructs. It's a classic tie and an instance of full line forcing: If a phone manufacturer wants any of the apps Google offers, it must take the others also.

Video and advertising conglomerate Blinkx tells investors its "strong performance" results from "strategic initiatives" and "expanding demand, content, and audiences." Indeed, Blinkx recently climbed past a $1.2 billion valuation. At first glance, it sounds like a great business. But looking more carefully, I see reason for grave doubts.

My concerns result in large part from the longstanding practices of two of Blinkx's key acquisitions, Zango and AdOn. But concerns extend even to Blinkx's namesake video site. In the following sections, I address each in turn. Specifically, I show ex-Zango adware still sneaking onto users' computers and still defrauding advertisers. I show the ex-AdOn traffic broker still sending invisible, popup, and other tainted traffic. I show Blinkx' namesake site, Blinkx.com, leading users through a maze of low-content pages, while charging advertisers for video ads systematically not visible to users.

Online marketplaces often contain information not only about products, but also about the people selling the products. In an effort to facilitate trust, many platforms encourage sellers to provide personal profiles and even to post pictures of themselves. However, these features may also facilitate discrimination based on sellers' race, gender, age, or other characteristics.

Last week Michael Luca and I posted Digital Discrimination: The Case of Airbnb.com, in which we test for racial discrimination against landlords in the online rental marketplace Airbnb.com. We collected information about all Airbnb hosts in New York City, including their rental prices and the quality of their properties. We find that non-black hosts charge approximately 12% more than black hosts for the equivalent rental. These effects are robust when controlling for all information visible in the Airbnb marketplace, including even property photos.

Our findings highlight the risk of discrimination in online marketplaces, suggesting an important unintended consequence of a seemingly-routine mechanism for building trust.
There is no fundamental reason why a guest needs see a host's picture in advance of making a booking -- nor does a guest necessarily even need to know a host's name (from which race may sometimes be inferred). In other respects, Airbnb has been quite sophisticated in limiting the information available to hosts and guests on its platform -- for example, AIrbnb prohibits (and runs software to prevent) hosts and guests from sharing email addresses or phone numbers before a booking is made, lest this information exchange let parties contract directly and avoid Airbnb fees.
Given Airbnb's careful consideration of what information is available to guests and hosts, Airbnb might consider eliminating or reducing the prominence of host photos: It is not immediately obvious what beneficial information these photos provide, while they risk facilitating discrimination by guests.

In modern markets, buyers can often buy the same good or service directly from a seller, and through one or more intermediaries, all at the same exact price. How should buyers behave in these markets? The natural strategy is to choose whichever intermediary offers the greatest benefit -- perhaps a rebate, some loyalty points, or superior service. One intermediary might charge sellers far higher fees than another. But to buyers, these fees are irrelevant since they are paid entirely by sellers. It's a classic I-choose-you-pay situation, and buyers predictably head for high-benefit intermediaries. The resulting outcomes can be both distortionary and welfare-reducing. For example, seeing an airline's flights available both directly on the airline's web site and via an online travel agent (like Expedia or Orbitz) ("OTA"), a buyer has every reason to choose the latter -- avoiding retyping name, address, and payment details that the OTA already has on file. Convenient as an OTA may be, few users would willingly pay the ~$3 per segment (~$12 for a standard US domestic connecting round-trip) that OTAs charge to airlines. So too for credit cards: Their rebates and points are valuable, but most consumers would prefer a ~3% discount (the fee the seller pays to the card network).

Last week Julian Wright and I posted Price Coherence and Excessive Intermediation (updated link adjusted in March 2015), analyzing incentives and outcomes in affected markets. We find that price coherence reduces consumer surplus and welfare due to inflated retail prices, over-investment in providing benefits to buyers, and excessive usage of intermediaries' services. Notably, competition among intermediaries does not fix these problems: Indeed, competition among intermediaries intensifies the problems by increasing the magnitude of the effects and broadening the circumstances in which they arise.

Affiliate programs vary dramatically in their incidence of fraud. In some merchants' affiliate programs, rogue affiliates fill the ranks of high-earners. Yet other similarly-sized merchants have little or no fraud. Why the difference?

In Information and Incentives in Online Affiliate Marketing, Wesley Brandi and I examine the impact of varying merchant management decisions. Which works best, as between network-managed programs, outsourced program managers, and in-house management? Our crawlers have the answers.

Ad injectors insert ads into others' sites, without permission from those sites and without payment to those sites. In this article, we review the basic operation of ad injectors, then examine the ad networks, exchanges, and other intermediaries that broker the placement of advertising through injectors.

We also report which advertisers most often advertise through injectors. Whether through complexity, inattention, or indifference, these advertisers' expenditures are ultimately the sole revenue source for injectors.

The European Commission last month posted a restatement of its concerns at certain Google practices as well as Google's proposed commitments. This week I filed two comments critiquing Google's proposal. They are available here:

Comments on AT.39740 (with Zhenyu Lai) as to Google's exclusive use of screen space to promote its own specialized services, and as to an alternative remedy to preserve competition and user choice in the area of specialized search services.

Comments on AT.39740 (Edelman) as to the failure of Google's proposed commitments to undo the harm of Google's past violations, and alternative remedies preserve competition in the area of specialized search services, taking data from publishers, providing advertising services to publishers, and allowing advertisers to use multiple ad platforms.

Google often shows “OneBox” search results promoting its own services. These results have prompted antitrust scrutiny: Google awards these preferred placements exclusively to Google's own services, such as Google Flight Search and Google Maps, but never to competing services such as Kayak or Mapquest. Moreover, Google presents OneBox with special format, including distinctive layouts, extra images, and even in-page interactivity – benefits not available to ordinary listings for other sites. Regulators and competitors sense that these exclusive practices can undermine competition and innovation by denying traffic to would-be competitors. But how large is the effect? How much does Google's exclusive OneBox placement impact search engine traffic to adjacent online markets?

In a working paper, Zhenyu Lai and I measure the impact of OneBox by using a quasi-experiment before and after the introduction of Google Flight Search. We compare user behavior on searches across thousands of search queries like “cheap flights from sfo to san ” (which displayed a OneBox for Google Flight Search), and similar search queries like “cheaper flights from sfo to san” (emphasis added) (which did not display OneBox). We find that Google's display of Flight Search in an exclusive OneBox decreased user click-through rates on unpaid search results by 65 percent, and increased user click-through rates on paid advertising links by 85 percent. This effect was disproportionately evident among online travel agencies that were popular destinations for affected search queries.

Even the most careful read through Google's many Terms of Use and Privacy Policies gives no indication that whenever a user buys an Android app from the Google Play marketplace, Google send the app developer the user's name and email address.
In today's post, I examine applicable Google policies -- finding that no document gives Google the right to provide users' information to app developers, and indeed multiple documents affirmatively commit that Google will not do so. I critique Google's response and
suggest appropriate objectives and outcomes for an investigation.

Ever felt the "taxes" on air travel are unduly high? In other travel contexts (most notably, rental cars), genuine government-imposed taxes often approach or even exceed the amount payable to service providers.
But when airlines quote fares, they sometimes include as "taxes" certain carrier-imposed surcharges they set on their own, not required by any government and used only to defray their ordinary costs of operations.

In today's post, we provide numerous examples. For example, we show American Airlines misrepresenting "tax" on paid tickets booked both online and by telephone, on award tickets, and even when customers seek alternative flights after cancelation.
Meanwhile, we show BA's "fuel surcharges" not only disclosed in ways impermissible under DOT regulation, but of an amount that appears to exceed BA's actual cost of fuel.
We have submitted complaints to DOT as to these and other violations.

I have repeatedly flagged serious problems with IAC/Ask.com toolbars -- targeting kids, bundles without consent, even installs through security exploits.

In today's piece I provide a 2013 update. IAC is still targeting kids -- both explicitly (installation solicitations that promise "Kids Games" and the like) and through cartoons and animation. IAC continues to show voluminous advertising,
far more than other search engines, and with oversized ad clickable areas in violation of Google policies and industry norms. IAC"s uninstaller is incomplete, also in breach of Google rules and industry standards.

Last week the FTC closed its 21-month investigation of Google
after Google made several small concessions, among them dropping certain restrictions on use of Google's AdWords API --
rules that previously limited how advertisers and tool-makers may copy advertisers' own data from Google's servers.
Removing the restrictions is a step forward for advertisers and for competition. But the FTC should have demanded more from Google
in order to address the harm resulting from seven years of these restrictions.

Our automation continuously scours the web for rogue affiliates. In our query tool, we provide a basic sense of how much we've found. We have also writtenupscoresofsamplerogueaffiliates, but the holiday season provides an impetus for more: Thanks to high online spending, affiliate fraud at this time of year is particularly profitable for perpetrators -- and particularly costly to merchants.

Some analysts view affiliate marketing as "fraud-proof" because affiliates are only paid a commission when a sale occurs. But affiliate marketing nonetheless gives rise to various disputes -- typically, merchants alleging that affiliates claimed commission they had not properly earned. Most such disputes are resolved informally: merchants withhold amounts affiliates have purportedly earned but have not yet received. Occasionally, disputes end up in litigation with public availability of the details of alleged perpetrators, victims, amounts, and methods.

While I've written up dozens of rogue affiliates on this site and in various presentations, today Wesley Brandi and I are introducing something better: query-based access to our records of affiliate fraud targeting top affiliate merchants. Enter a merchant's domain name, and we'll tell you how much affiliate fraud we've seen targeting that domain -- handy for merchants wanting to check whether their program is clean, and for affiliates wanting to confirm the trustworthiness a program they're considering promoting. We're not currently posting details of the specific perpetrators, but we have affiliate ID numbers, domain names, and packet log proof on file for each violator, and we can provide these upon request.

Take a look: Affiliate Fraud Information Lookup (2015 update: service no longer operational)

We present a cookie-stuffer that collects traffic by hacking numerous top sites, including sites as popular searchenginewatch.com (Alexa traffic rank #2045). The perpetrator then monetizes this traffic by invisibly dropping affiliate cookies for Amazon, using 200+ separate affiliate IDs to evade notice.

A decade ago, the FTC reminded search engines of their duty to label advertisements as such. Most general-purpose search engines now do so (though they're sometimes less than forthright). But practices at specialized search engines often fall far short.

In today's posting, Paul Kominers and I examine leading online apartment search services and evaluate the disclosures associated with their paid listings. We find paid placement and paid inclusion listings at each site, but disclosures range from limited to nonexistent. Where disclosures exist, they are largely hidden behind multiple intermediate pages, effectively invisible to most users. We propose specific ways these sites could improve their disclosures, and we flag their duties under existing law.

Google's new "Google Search Plus Your World" service favors Google Plus results at the expense of more popular social networks like Facebook and Twitter. These changes have prompted widespread concern, and rightly so. But in fact Google's dubious tying tactics extend well beyond Google Plus. I show Google using tying to favor all manner of its services, including using tying to force others to submit to Google's will even in areas where Google is not yet dominant.

Daily deals sites often promise discounts exceeding 50% -- mobilizing millions of consumers spending billions of dollars. Yet this model faces growing resistance, particularly from merchants concerned that "deals" offers are unprofitable. The natural question: When and how are large discounts sustainable?

Deals services seem to envision delivering new customers who return paying full price, yet they've done little to demonstrate that return visits actually occur. And there's reason to doubt whether customers enticed by a discount will actually return to pay full price. I explore the implications, including the requirements for a profitable discounting model grounded in price discrimination rather than full-price return visits.

This week's Senate Antitrust Subcommittee hearing promises to investigate persistent allegations of Google abusing its market power. In these discussions, it's crucial to remember whose spending fuels Google's monopoly: advertisers. Google is far from generous to advertisers -- burdening them with high pricing, harsh terms, and various restrictions that primarily serve Google's interests. In this piece, I review worrisome practices regulators should investigate and, in due course, seek to prevent.

A DOJ investigation of Google's pharmaceutical advertising practices yielded a $500 million forfeiture and an admission of wrongdoing. More than that, the resulting documents prove Google's knowledge of, and participation in, advertising practices Google knew to be unlawful. I explore the implications for other controversial conduct that remains widespread despite Google's promise to take action. From deceptive ads to trademark, copyright, and more, Google's claims of innocence are increasingly difficult to believe.

Following up on my recent article about consumer protection problems in discount voucher sales, I've posted a letter-writing tool to help consumers resolve their voucher problems. From expiration to cashback to day-of-week, time-of-day, and unexpected terms added after purchase, there are quite a few ways consumers can end up dissatisfied with the discount vouchers they buy. Many voucher services offer refunds only if consumers complain vigorously. Our tool helps consumers write concise but persuasive letters, including drawing on applicable state law where appropriate.

We evaluate five areas where online discount voucher services -- Groupon and similar sites -- risk falling afoul of applicable consumer protection law. We present applicable laws from selected states and evaluate compliance by voucher services and their affiliated merchants. We examine voucher services' attempts to limit their liability, and we explain why consumers and regulators should find current practices insufficient.

Last week, Google's 10-Q disclosed a $500 million charge for, the Wall Street Journal revealed, Google's sale of advertising to online pharmacies that break US laws. Kudos to the Department of Justice for holding Google accountable for these unlawful advertisements. But in fact there are numerous other categories where Google also shows, and has long shown, widespread deceptive advertisements. From "free" ringtones that aren't, to spyware/adware bundlers, to dubious mortgage modification schemes, deceptive ads are all too widespread. Google could and should do more to prevent these schemes and to avoid doing business with such advertisers.

In a forthcoming paper, I'll survey the problem of search bias -- search engines granting preferred placement and/or terms to their own links or to others' links chosen for improper purposes. Today I'd like to focus on remedies -- what tactics a dominant search engine ought not employ due to their detrimental effects on competition, and how prohibiting those tactics would help assure fair competition in search and related businesses.

Google this week sparked a media uproar by alleging that Microsoft Bing "copies" Google results. But is that actually the best characterization of what happened? In fact Google's engineers intentionally clicked bogus listings they had previously inserted into Google's results, and they did this on computers where they had specifically authorized Microsoft to examine their browsing in order to improve Bing.

Strikingly, Google's own Matt Cutts previously endorsed the use of Toolbar and similar data to improve search results -- calling this approach "a good idea." And Google's own Toolbar Privacy Policy allows Google to perform the same analysis Bing used. So I don't have much sympathy for Google's allegations of impropriety. Quite the contrary: With Bing's small market share, this data is important in improving Bing search results and building a viable competitor to Google's dominant search offering.

By comparing results between leading search engines, we identify patterns in their algorithmic search listings. We find that each search engine favors its own services in that each search engine links to its own services more often than other search engines do so. But some search engines promote their own services significantly more than others. We examine patterns in these differences, and we flag keywords where the problem is particularly widespread.

Even excluding "rich results" (whereby search engines feature their own images, videos, maps, etc.), we find that Google's algorithmic search results link to Google's own services more than three times as often as other search engines link to Google's services.

For selected keywords, biased results advance search engines' interests at users' expense: We demonstrate that lower-ranked listings for other sites sometimes manage to obtain more clicks than Google and Yahoo's own-site listings, even when Google and Yahoo put their own links first.

I present categories of searches for which available evidence indicates Google has "hard-coded" its own links to appear at the top of algorithmic search results, and I offer a methodology for detecting certain kinds of tampering by comparing Google results for similar searches. I compare Google's hard-coded results with Google's public statements and promises, including a dozen denials but at least one admission. I conclude by analyzing the impact of Google's tampering on users and competition, and by proposing principles to block Google's bias.

The FTC has called for "clear and conspicuous disclosures" in advertisement labels at search engines, and the FTC specifically emphasized the need for "terms and a format that are easy for consumers to understand." Unfortunately, Google's new advertisement labels fail this test: Google's "Ads" label is the smallest text on the page, far too easily overlooked. (Indeed, as I show in the image at left, the "Ads" label substantially fits within an "o" in "Google.") Meanwhile, Google now merges algorithmic and advertisement results merged within a single set of listings; Google's "Help" explanations are inaccurate; and Google uses inconsistent labels mere inches apart within search results, as well as across services.

Search engines have long labeled their advertisements with labels like "Sponsored links", "Sponsored results", and "Sponsored sites." Do users actually know that these labels are intended to convey that the listings are paid advertisements? In a draft paper we're posting today, Duncan Gilchrist and I try to find out.

In an online experiment, we measure users' interactions with search engines, both in standard configurations and in modified versions with improved labels identifying search engine advertisements. In particular, for a random subset of users, we change "sponsored link" labels to instead read "paid advertisement." We find that users receiving the “paid advertisement” label click 25% to 33% fewer advertisements and correctly report that they click fewer advertisements, controlling for the number of advertisements they actually click. Results are most pronounced for commercial searches, and for users with low income, low education, and little online experience.

We consider our findings particularly timely in light of Google's change, just last week, to label many of its advertisements as "Ads." On one view, "Ads"” is an improvement – probably easier for unsophisticated consumers to understand. Yet it’s a strikingly tiny label – the smallest text anywhere in Google’s search results, and about a quarter as many pixels as the corresponding disclosure on other search engines. As our paper points out, FTC litigation has systematically sought the label “Paid Advertisement, and we still think that’s the better choice.

In one of the few areas of Internet advertising where Google is not dominant – indeed, where just three years ago Google had no offering at all – Google now uses tying to climb towards a position of dominance. Thanks to Google’s dominance in web search, Google offers preferred placement and superior terms to the advertisers who agree to use Google Affiliate Network (GAN). Competing affiliate networks cannot match these benefits, and Google's bundling strategy threatens to grant Google a position of power in yet another online advertising market.

In today's piece, I identify the specific benefits Google grants to affiliate merchants who agree to use GAN -- including exclusive use of image ads, placement above AdWords advertisers, and fees payable only if a user makes a purchase. I explain why it is improper for Google to bundle these benefits with Google's dominant search service, and I compare Google's tactics in this area to Google's strategy in promoting other services.

Browse Facebook, and you wouldn't expect Facebook's advertisers to learn who you are. After all, Facebook's privacy policy and blog posts promise not to share user data with advertisers except when users grant specific permission.

But in my testing, Facebook's actual practices exactly contradict Facebook's promises. Merely clicking an advertiser's ad reveals to the advertiser the user's Facebook username or user ID. With default privacy settings, the advertiser can then see almost all of a user's activity on Facebook, including name, photos, friends, and more.

Advertisers buying display ads from Sony's Crackle.com rightly and reasonably expect that users can see the ads. But that's not always the case. In today's posting, I present three recent examples of Crackle partners loading the Crackle site invisibly, largely via 1x1 IFRAMEs. I then tabulate observations preserved by my automation, demonstrating that Crackle's tainted traffic has continued for more than a year. I conclude by flagging implications for traffic measurement and ad pricing, and by suggesting what Crackle should do to clean up this mess.

For more than a decade, aggressive website registrants have been engaged in 'typosquatting' -- the intentional registration of misspellings of popular website addresses. Uses for the diverted traffic have evolved over time, ranging from hosting sexually-explicit content to phishing. Several countermeasures have been implemented, including outlawing the practice and developing policies for resolving disputes. Despite these efforts, typosquatting remains rife.

I present screenshots and screen-capture videos demonstrating that even after a user specifically chooses to "disable" the Google Toolbar, and even after the Google Toolbar disappears from view, Google Toolbar continues tracking users' web browsing -- including the specific sites visited, pages browsed, and searches conducted. I then critique Google's installation -- which lets users activate these transmissions in a single click, while ceasing the transmissions is much harder. I compare Google's current notice/consent process to Google's 2004 version, finding important declines in both the presentation and substance of disclosures.

In today's post, I show click fraud with a twist. Like standard click fraud, this infraction completely fakes clicks -- charging advertisers for clicks that didn't actually occur. But this click fraud is carefully targeted -- faking a click to the victim advertiser when the user is already at that advertiser's site. Thus, standard efforts to measure conversion rates classify this traffic as legitimate and valuable -- tricking advertisers into raising their bids and paying even more, when they should be demanding refunds.

This scam targets Google advertisers -- who pay Google's high prices in expectation of receiving high-quality traffic, but instead suffer this unwanted ruse. The traffic comes through a lengthy chain -- fully seven partners passing the traffic from the underlying spyware through to Google. Closest to Google is InfoSpace, whose pattern of dubious traffic I chronicle in special detail.

In February and May 2009, I reported Google paying WhenU spyware to cover selected sites with those sites' own Google PPC ads. These bogus placements perpetrate a practice I call "conversion inflation": They let Google claim credit for purchases that would have happened anyway -- overstating Google's effectiveness and leading advertisers to overbid and overpay for Google traffic.

Google admitted the impropriety of these placements -- even offering a credit to RCN, the advertiser I featured in May, though denying refund requests from other affected advertisers. But, remarkably, Google and its partners have restarted these placements. Today I post the proof -- screenshots, video, and packet log records prepared just this week.

Post-transaction marketers Webloyalty, Vertrue, and Affinion have attracted criticism for solicitations that tend to deceive consumers. They typically feature recurring billing programs that promise a savings or discount, but actually charge users on an ongoing basis. They promote these services while customers are finishing the checkout process at trusted e-commerce sites -- a time when few users expect unrelated offers from third parties. Furthermore, they obtain consumers' credit card numbers from partner sites -- so a user may enter a billing relationship and face credit card charges without providing a card number to the company that posts the charges.

Higlights of my Statement for the Record: I argue that the timing, placement, and format of post-transaction offers deceptively suggest that
the offers are part of the checkout process. (3) I suggest that automatic transfer of consumers’ payment information removes a key warning that customers are incurring a financial obligation. (3-4) I examine disclosures and find them inadequate to cure the deception resulting from the substance, format, and context of the offers. (5) I point out that credit card network rules disallow key post-transaction marketing practices, and I suggest that credit card networks enforce these rules. (6-7) I suggests that low usage rates support an inference of deception, and I provide an empirical strategy to estimate usage rates from publicly-available sources. (7)

I offer five rights to protect advertisers from increasingly powerful ad networks -- avoiding fraudulent charges for services not rendered, guaranteeing data portability so advertisers get the best possible value, and assuring price transparency so advertisers know what they're buying. I explain the need for these rights by presenting specific practices causing particular concern.

With its lofty "Software Principles" and its "do no evil" mantra, Google might seem the last company likely to partner with spyware or adware vendors. But in today's article, I show Google doing exactly that.

Consumers certainly suffer from the sneaky software Google supports. But the clearest victims are advertisers, for these placements systematically charge advertisers for traffic the advertisers would otherwise have received for free.

When a user searches for one company, may a search engine show ads for a direct competitor instead? A natural libertarian instinct might reply yes, sure, do whatever you want. In this brief piece, I push back on that idea, offering reasons why such ads are improper.

I then analyze Utah's HB450, which would prohibit certain deceptive online advertising. I consider the bill's effects, and I explain why I support its approach.

Yahoo's Right Media ad marketplace features widespread ads exactly designed to deceive. I present ten examples of these deceptive ads, and I critique their unwelcome characteristics. To estimate the prevalence of deceptive tactics, I examine Right Media's own analysis ad characteristics -- finding that by Right Media's own admission, deceptive ads total 35% or more of Right Media's advertising inventory.

Google's JotSpot service posts sensitive user data, despite specific promises to the contrary in JotSpot's privacy policy. JotSpot even allows this information to be indexed by Google's search crawlers. JotSpot's postings are, by all indications, accidental. But in the context of a series of similar slip-ups, these postings raise questions about the efficacy of Google's model of hosted applications.

Not all CPA fraud requires placing (or using) spyware or adware on a user's PC. In today's article, I show three examples of affiliates cheating CPA merchants using only a web browser -- without any special software on users' PCs. In particular, I show affiliates running invisible IFRAMEs, hidden portions of banner ads, and redirects loaded through signature icons in forum discussions. In each instance, affiliate claim commissions they did not earn.

This month and last, my AutoTester observed more than two dozen different affiliates cheating VistaPrint through spyware pop-ups -- in each instance, using "self-targeting" to claim affiliate commission on traffic VistaPrint would otherwise have received for free. In today's article, I offer six examples of these observations -- as well as some musings on what VistaPrint might do to block these scams.

At the last minute, the hearing was cancelled, and I won't be able to testify at the rescheduled session. Rather than let my draft written statement languish unread, I'm taking this opportunity to post the prepared testimony I had planned to offer last month.

The Internet's current numbering system is nearing exhaustion: The Internet's primary communications protocol, "IP" (more precisely, IPv4) allows only a finite set of computer numbers ("IP addresses"), and central authorities will soon exhaust the supply.

An alternative IP standard, IPv6, would dramatically increase Internet address capacity. But network incentives impede transition to v6. For example, a device with only a v6 address cannot directly retrieve most web sites because most web sites have only v4 addresses. Consider the undesirability of owning the world's first fax machine (no one to communicate with); to date, v6 has suffered a similar problem, with the additional challenge that existing IPv4 systems boast widespread usage (making an upgrade to v6 appear particularly unnecessary). Furthermore, v4-v6 translation systems are limited at best -- allowing v6-only computers to receive some kinds of v4 content, but often failing to support proprietary or nonstandard systems such as VoIP, videoconferencing, multiplayer video games, and custom software.

With these substantial disincentives and limitations hindering v6 transition, v6 deployment has been slow. It seems continued use of IPv4 will remain necessary for the foreseeable future -- even after central authorities have no more v4 addresses to give out. Today I'm posting an initial analysis of market mechanisms to reallocate existing v4 addresses and facilitate v4's continued use. In particular, I consider the possible effects of paid transfers of v4 addresses. I emphasize rules to ameliorate the worst effects of v4 scarcity, while preserving the core principles of existing regulation and avoiding major negative externalities.

Six and a half months ago, I reported a variety of bad practices at Coupons.com. Key among my concerns: Coupons.com stored data in deceptive filenames and registry entries designed to look like part of Windows -- with names like c:\windows\WindowsShellOld.Manifest.1 and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\Presentation Style . Furthermore, Coupons.com failed to remove these files upon a user's specific request.

Because Coupons.com is certified by TRUSTe Trusted Download, I reported these behaviors through TRUSTe's Watchdog form. TRUSTe investigated and last month declared success, claiming that "Coupons, Inc. rolled out ... [a] new version of the software ... that writes only one registry key placed in a typical location, named in an appropriate manner." Nonetheless, my tests indicate exactly the opposite -- including all the same deceptive filenames and registry keys I previously identified. Furthermore, my tests indicate that all these files are left behind even after a user performs an uninstall.

I examine anti-spyware software from C-NetMedia. I show deceptive advertising for C-Net's products, including product names, ad text, and web site designs that falsely suggest affiliation with security industry leaders. I examine C-Net's use of many disjoint product names -- preventing consumers from easily learning more about C-Net, its reputation, and its practices. I analyze C-Net's high-pressure sales tactics, including false positives, which overstate the urgency of paying for an upgraded version.

Want to know what a given customer has purchased from Sears? It's surprisingly easy to find out. In this article, I demonstrate how Sears reveals customers' major purchases to anyone who asks -- notwithstanding Sears' stated privacy policy.

Late last month, Benjamin Googins (a senior researcher in the Anti-Spyware unit at Computer Associates) critiqued a ComScore installation performed by Sears' "Sears Holdings Community" ("My SHC Community" or "SHC"). After reviewing the installation sequence, Ben concluded that the installation offered "very little mention of software or tracking" and otherwise fell short of CA and industry standards. I agree.

I write today to add my own critique. I begin by presenting the entire installation sequence in screenshots and video. I then explain why the limited notice provided falls far short of the standards the FTC has established. Finally, I show that Sears' claims of adequate notice are demonstrably false.